1. Field of the Invention
The present invention generally relates to encrypted recording of information such as audio and/or visual information and, more particularly, to limiting access to and providing authentication of recorded information, especially when recorded for documentation purposes.
2. Description of the Prior Art
Memoranda of transactions, circumstances or occurrences have been known since antiquity. However, the veracity of any written record can easily be called into question and, even providing for such authentication as contemporary notations by witnesses attached to the same document, often does not necessarily remove all question in regard to the veracity of the content of the writing. Further, by its nature, a writing cannot convey the entirety of the circumstances and other collateral information which is available at any given time and which may have some relevance to the information recorded.
In recent years, other recording media such as sound and/or video recordings, developed to a high degree of sophistication and high fidelity of reproduction, such as for education and entertainment purposes, have been used to provide more complete documentation of a particular occurrence such as for the purpose of analyzing sports and other performance techniques, authenticating wills, documenting procedures such as medical operations and police interrogations, documenting conditions and results of experiments and manufacturing processes, documenting in-camera judicial proceedings and business negotiations and the like to provide a more complete and unambiguous record and allow verification and/or detection of ancillary conditions possibly giving rise to apparently inconsistent results and the like.
Such recordings are also generally deemed indispensable for surveillance for security (e.g. documenting access to secure areas), crime deterrence and/or identification of possible perpetrators and other purposes. However, such surveillance must often be done more or less surreptitiously to achieve the desired result and/or to avoid such surveillance from being defeated. At the same time, in many societies, including that of the United States, there is a substantial expectation of privacy by individuals, particularly in regard to their actions and utterances. Thus, the expectation of privacy is in direct conflict with the making of recordings for documentation, study or surveillance purposes.
In many instances such as monitoring of bank lobbies, commercial stores and the like, it has been considered sufficient, in the past, for recording to be performed selectively under control of security personnel monitoring live video signals from a plurality of cameras and only recording events of interest (e.g. where observed activity may justify documentation) or that any recording made be kept private in the absence of some compelling reason for revealing it by the entity making the recording and for the recording to be destroyed after a relatively short period of time if an incident of interest is not, in fact, recorded. For example, video surveillance may be recorded on a continuous tape loop of predetermined duration so that only the most recent period of predetermined duration (e.g. several minutes) recorded over earlier recorded signals will be available.
However, particularly since the development of solid-state image sensors and improved microphone technology in the last few decades, the cost of audiovisual pick-up devices (e.g. cameras, microphones and devices capturing both image and sound) has been greatly reduced and availability has become widespread, evidently encouraging the use of audio and/or visual recording in an increasingly broad range of applications. At the same time, the size of such devices has been much reduced to the point that such audiovisual pick-up devices may be much more easily concealed and employed in greater numbers than only a very few years ago or used in locations to monitor conditions or procedures not previously possible. This increased facility for making of recordings has led to increased sensitivity as to whether or not a recording is or should be made in particular situations unless strict limitation of distribution and playback of the recording can be assured. On the one hand, if a recording is not made, legitimately interested parties may not be able to ascertain or resolve disputes or differing interpretations of particular circumstances such as a business negotiation, medical or manufacturing procedure, experiment or criminal act or the like. On the other hand, if a recording capable of misuse is made but could become available to persons capable of misusing it, privacy rights and expectations of privacy may be violated, the recording may be used for criminal or anti-social purposes such as harassment or blackmail, or the integrity of judicial proceedings may be compromised. At the present state of the art, these conflicting interests cannot be harmonized. On the contrary, as society, commerce and technology become more complex and the making of recordings facilitated, there is increased incentive for recordings to be made notwithstanding the fact that greatly increased efforts to limit distribution and performance of such recordings must also be made and, perhaps more importantly, the efficacy of such efforts must be assured. Conversely, such increased efforts and any increased efficacy thereof may engender the possibility of the appearance of authenticity of information which has been artificially created or for which authorization for access to an authentic record has not been duly provided while interested parties, who may be involved in the development of the information, must be confident of the identification of their correspondents during the development of the information.
Encryption of recordings is known for avoiding piracy, unauthorized access (e.g. pay-per-view programs) or copying (e.g. making counterfeit recordings). However, such encryption and access authorization arrangements are directed to allowing access to particular copies of the recorded material substantially transparently upon certain conditions (e.g. payment of a fee) being met by any member of the public and not to complete sequestration of the original recording absent authorized access by particular interested parties.
In particular, it is known to secure original recordings by symmetrical encryption with random session keys. As is known in the art, symmetrical encryption techniques use the same key for both encryption and decryption. Symmetrical encryption and decryption is fast but requires the sender and receiver to share a key beforehand by well-known agreement schemes such as Diffie-Hellman key agreement techniques or by use of public key encryption which has the additional benefit of providing authentication by digital signatures.
In order to secure communications over communication links where information is particularly subject to interception, asymmetric encryption techniques, often referred to as public/private key infrastructures have been developed. In such asymmetric encryption techniques, an intended recipient is able to specify a key to a potential sender of a message for encryption of the desired information. However, once encrypted with such a key, decryption of the information is possible only with another key which known to the intended recipient but is not known to the sender or others and is not communicated over the communication link. Therefore, two parties can communicate in a secure manner since only the intended recipient can decrypt the information to the exclusion of all others.
So-called secret sharing techniques are also known in which secret, important information, such as a decryption key for encrypted data can be divided into a number of shares, one unique divided portion of the key being provided for each interested party. The divided portions of the key can be arranged so as to implement any prescribed access policy, for example, allowing the secret information to be recovered from share 0 alone or at least two of shares 1, 2 and 3. In general, any set of shares sufficient to decrypt the secret under a given access policy will be referred to as a quorum under that policy.